COMMAND

    Dmailweb

SYSTEMS AFFECTED

    *nix/Win32 Web Servers running Dmailweb

PROBLEM

    Following info is based on Cerberus Information Security Advisory.
    The Cerberus Security Team has found a remotely exploitable buffer
    overrun in  Netwin's DMailWeb  (dmailweb/dmailweb.exe v2.5d),  CGI
    program designed to give access  to a user's SMTP and  POP3 server
    over  the  world  wide  web.   By  supplying  a  specially  formed
    QUERY_STRING  to  the  program  a  buffer  is  overflowed allowing
    execution of arbitrary code compromising the web server.

    The problem stems  from an overly  long "utoken" parameter.   This
    overflow  is  simple  to  exploit  by overwriting the saved return
    address with an address that contains a "jmp esp" or "call esp"  -
    the remainder of  the the QUERY_STRING  is pointed to  by the ESP.
    Over 1400 bytes is available for exploit code.

SOLUTION

    Netwin has made  available a patch  for this available  from their
    ftp server:

        ftp://ftp.netwinsite.com/pub/dmailweb/beta/

    Obtain the 2.5e version required for your system.